Bug #11023
closed
route_get('default', 'inet') always returns empty
0%
Description
ip address is missing [NAMECHEAP_SOURCEIP]
test.com
Renewing certificate
account: testing
server: letsencrypt-staging-2
/usr/local/pkg/acme/acme.sh --issue --domain '*.test.com' --dns 'dns_namecheap' --home '/tmp/acme/test.com/' --accountconf '/tmp/acme/test.com/accountconf.conf' --force --reloadCmd '/tmp/acme/test.com/reloadcmd.sh' --log-level 3 --log '/tmp/acme/test.com/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[NAMECHEAP_SOURCEIP] =>
[NAMECHEAP_API_KEY] => XXXXXX
[NAMECHEAP_USERNAME] => XXXXXX
)
[Sat Oct 31 11:27:26 CET 2020] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Oct 31 11:27:26 CET 2020] Single domain='*.test.com'
[Sat Oct 31 11:27:26 CET 2020] Getting domain auth token for each domain
[Sat Oct 31 11:27:29 CET 2020] Getting webroot for domain='*.test.com'
[Sat Oct 31 11:27:29 CET 2020] Adding txt value: XXXXXXXXXXXXXXX for domain: _acme-challenge.test.com
[Sat Oct 31 11:27:29 CET 2020] No Source IP specified for Namecheap API.
[Sat Oct 31 11:27:29 CET 2020] Use your public ip address or an url to retrieve it (e.g. https://ipconfig.co/ip) and export it as NAMECHEAP_SOURCEIP
[Sat Oct 31 11:27:29 CET 2020] Error add txt for domain:_acme-challenge.test.com
[Sat Oct 31 11:27:29 CET 2020] Please check log file for more details: /tmp/acme/test.com/acme_issuecert.log
Files
| pfsense.png (28.9 KB) pfsense.png | |||
| log fit.png (88.3 KB) log fit.png | |||
| vip nachher.png (26.9 KB) vip nachher.png | |||
| vip vorher.png (23.6 KB) vip vorher.png |
Updated by Christian Knop over 3 years ago
can the domain cause the problem? a .net works and a .fit and a .vip cause the error.
Updated by Jim Pingle over 3 years ago
- Assignee set to Jim Pingle
- Target version deleted (
2.5.0)
Updated by Jim Pingle over 3 years ago
- Project changed from pfSense Packages to pfSense
- Subject changed from Acme DNS Namecheap -> no [NAMECHEAP_SOURCEIP] to route_get('default', 'inet') always returns empty
- Category changed from ACME to Routing
- Status changed from New to Feedback
- Assignee changed from Jim Pingle to Renato Botelho
- Target version set to 2.5.0
Actually this isn't a problem in ACME, it's a problem in a base system function which only exists on 2.5.0.
route_get('default', 'inet') always returns empty.
Renato has a fix in already, b1558574e69965ea68744ad355a60842ca8294ea
Updated by Christian Knop over 3 years ago
I am surprised that it is not ACME. I tested ACME on Ubuntu 20.04.1 and sometimes the same problem. I suspect a problem with multiple domains on one public ip. tomorrow I will test whether the 1st domain is always possible and not every other With 3 domains, 1 is always possible, so it is not due to .fit or .vip domains.
Updated by Christian Knop over 3 years ago
Under Ubuntu I entered my public ip by hand in the config and was able to solve the problem with it.
However, there were curl errors under ubuntu but not in the 1st domain. i am convinced that there are problems with 1 public ip and the generation for multiple domains.
Updated by Renato Botelho over 3 years ago
Christian Knop wrote:
Under Ubuntu I entered my public ip by hand in the config and was able to solve the problem with it.
However, there were curl errors under ubuntu but not in the 1st domain. i am convinced that there are problems with 1 public ip and the generation for multiple domains.
Sorry, I'm confused. Is the problem resolved on pfSense? OR you are still able to reproduce it?
Updated by Christian Knop over 3 years ago
I just looked to see if the same error existed under ubuntu.
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to Resolved
The specific error "No Source IP specified for Namecheap API" was due to a bug in the routing code as I mentioned. It was not populating that variable correctly since it was getting an empty response when looking up the default gateway. That was fixed, and now Namecheap works again.
Nothing else mentioned after that is relevant to this particular error. You might have hit something new in ACME that is unrelated, but if so it probably needs reported to acme.sh and not us.
Updated by Christian Knop over 3 years ago
- File log fit.png log fit.png added
- File pfsense.png pfsense.png added
- File vip nachher.png vip nachher.png added
- File vip vorher.png vip vorher.png added
Many thanks for the support. The gateway ip is now correctly recognized.
I have now found the other bug. The 1st domain in Acme works. For each additional domain, 2 instead of 1 DNS .txt are generated.
Updated by Christian Knop over 3 years ago
All 3 domains are with Namecheap. 3 different endings .net, .fit and .vip. It doesn't matter in which order the domains are created in Acme, only the 1st from the list works.
Updated by Jim Pingle over 3 years ago
That is not relevant to this bug report, and is likely a problem in the script maintained by acme.sh and not us.
Updated by Christian Knop over 3 years ago
I tried the following https://chasingcode.dev/blog/fix-curl-error-60-ssl-certificate-problem/. The entry in the php.ini is overwritten after each reboot.
Updated by Christian Knop over 3 years ago
ow to fix cURL error 60: SSL certificate problem
Narendra Vaghela
Narendra Vaghela
Sep 1, 2016·1 min read
Sometimes, when we make a curl call to third party services, we get an error curl: (60) SSL certificate : unable to get local issuer certificate.
This error occurs because the curl verifies and makes a secure connection request using self-signed certificate. When it does not find the valid certificate, it throws an error.
To fix this error, follow the steps below:
Open http://curl.haxx.se/ca/cacert.pem
Copy the entire page and save it as a “cacert.pem”
Open your php.ini file and insert or update the following line.
curl.cainfo = “[pathtofile]cacert.pem”
Updated by Jim Pingle over 3 years ago
Stop posting to this bug report. The one single issue for this report is resolved. If you have some other issue, it does not belong here as it is not related. Please post to the forum to discuss the problem, not here.
Updated by Christian Knop over 3 years ago
Jim Pingle wrote:
That is not relevant to this bug report, and is likely a problem in the script maintained by acme.sh and not us.
oh sorry, i thought the script is specially adapted for pfsense.